Petya Ransomware | How It Spreads and How to Stay Ahead

After examining the encryption routine of the malware used in the Petya/ExPetr attacks, experts concluded that the malware author cannot decrypt the victims’ disks, even if a payment was made. As it turns out, this malware behaves more like a wiper that mimics ransomware.

Reports of a new strain of ransomware attacks have been disturbingly frequent since June 27th, 2017. Under different names – Petya, NotPetya, Petrwrap and exPetr – it has caused a rift in the virtual space worldwide. It has mainly targeted organizations in Ukraine, Russia and Western Europe.

Security experts have rolled up their sleeves to blow down the gale of such ransomware attacks, ensuring regular checks on system updates and prompting users about any viable destructive exploits.

How Does Ransomware Spread?

The ransomware does its dirty work on vulnerable Windows systems. Users need to put their foot down and ensure that system updates stay ahead of threats. In practice, however, business organizations keep surprising us with outdated, vulnerable Windows systems even after being warned by the heavy blow of the recent WannaCry attack. Vulnerable Windows systems that survived the WannaCry attack are now certainly exposed to the current ransomware onslaught.

What Does Petya Do?

Petya works on four things.

1. It is a worm that runs through vulnerable local Windows systems to infect the local network.

2. It is ransomware that encrypts the Master Boot Record, which stops the company’s machines from starting up properly.

3. It also encrypts other files, so once the Master Boot Record fails, the system stays out of the user’s control, and this combines with the fourth component.

4. It steals usernames, passwords and other login credentials from the infected system. This lets the malware move around and gain access to other systems in the local network using the looted credentials.

Who Is at Risk?

Personal computers, even when patched with the latest Windows updates and not connected to a business network, are likewise vulnerable to the Petya worm. There is a further risk when an individual system connects to the VPN. Petya does not infect Mac, Android or Linux devices; it targets only Windows systems.

How to Stay Ahead of Petya Ransomware

Installing the right, powerful endpoint protection system adds a layer of consistent security measures to system security. It also enables automatic patch updates, preventing the Windows system from becoming an exploit target. Be sure to enable anti-malware, firewall features and other intrusion prevention techniques for servers and desktops.

Comodo One. Comodo Remote Control – Faster and Easier Remote Desktop Connections for MSPs

One of the priorities of the Comodo One (C1) project is to put an end to the fragmented software model for MSPs. We intend to bring all the core services an MSP will need under the single umbrella and login of the C1 console. What’s more, we intend to do it using the very latest innovations and technologies, delivering tools that not only replace but also out-perform the 3rd party software currently in use today. Maybe we’re not quite there yet, but by engaging with and listening to our MSP community, we’ve made huge strides towards that goal in just a couple of years. Today, I’d like to explain how one of these new tools, Comodo Remote Control (CRC), is already helping to streamline workflows and save money for our MSP users.

Establishing a direct connection to customer endpoints is a vital part of a managed service provider’s job. It allows them to troubleshoot issues, install updates, run maintenance, gain access to networked resources and more. However, while overall monitoring of a client’s network will be done from a central console, MSPs have traditionally had to interrupt their workflows by resorting to 3rd party tools when they need an RDP connection. Using these 3rd party solutions often means the MSP has to pay another license fee, and often for over-specced software which contains features they don’t especially need. MSPs may also be burdened with interoperability issues, requiring them to juggle additional codecs, Flash players and more just so they can get their solution to work with their customers.

Comodo RMM allows users to easily take control of any endpoint under their management, direct from the Comodo One device inventory. Remote connections to a device can also be made direct from a service desk ticket or by using the convenient desktop application. Once connected, administrators can view and interact with the remote PC and run any maintenance/update/monitoring tasks that are required.

CRC is seamlessly integrated with the endpoint monitoring interfaces of Comodo One, allowing MSPs to view the results of any updates they make to the machine in real time. Just open the device inventory, select your target device and click ‘Remote Control’. Within a few clicks you’ve completed a task that would usually have taken several minutes, potentially saving you hours of lost productivity over the course of a year. MSPs who use CRC to perform maintenance can also reduce the number of on-site visits they need to make, reducing costs and improving overall productivity.

Built on best-of-breed technologies like WebRTC

Comodo Remote Control was built from standards-based technologies such as Chromoting and WebRTC. WebRTC offers capabilities that are far in advance of existing communications and collaboration environments. Here is a summary of its features and advantages:

  • Interoperability. WebRTC applications can connect to any endpoint device, regardless of operating system. As a standards-based initiative, WebRTC provides superior interoperability with existing systems. This is a huge boost for MSPs who, by the nature of their business, deal with clients using a wide range of different technologies. WebRTC also works entirely ‘in-browser’, so you don’t need additional plugins or a Flash player installed.
  • Improved video quality. WebRTC’s VP8 and VP9 codecs produce faster refresh rates and better quality video between you and your remote device. VP8 and VP9’s ubiquity in modern systems also overcomes interoperability issues, meaning you no longer need to download additional codecs which may contain malware.
  • Reliability. WebRTC technology features extremely robust session establishment protocols which work even across Network Address Translators (NATs). This reliability avoids server-relayed media, reduces latency, reduces CPU load and leads to visibly increased quality over many other communications/collaboration protocols.
  • Security. WebRTC offers extremely strong video encryption by default via its Secure RTP protocol. This is invaluable to MSPs as it prevents eavesdropping and 3rd party recording of confidential interactions between themselves and their clients.
  • Dynamic. WebRTC adapts, compensates and adjusts to any changing network conditions to ensure you always enjoy solid connections and high quality video. The RTP Control Protocol (RTCP) and Secure Audio Video Profile with Feedback (SAVPF) protocols constantly analyze and respond to bandwidth availability changes and other network conditions to deliver reliable and responsive sessions.
  • WebRTC is an open-source project, an API developed by Google that delivers a standards-based, real-time media engine in all available browsers. Building from best-of-breed, open-source code allows developers like Comodo to save development time and eliminate certain production costs – savings which can be passed on to our customers.

Building on WebRTC to create a solution for MSPs

In short, WebRTC is one of the most significant additions to the web platform since its inception, offering a simple and unified solution for establishing peer-to-peer communications in-browser. However, even with all the advantages provided by the platform, the development of our remote control implementations still required a great deal of careful thought and planning. Creating products tailored to our MSP user base which matched and surpassed existing solutions required consultation with our user-base, innovation, several design iterations and much optimization work.

Desktop Application

WebRTC is explicitly designed for use in browsers. We’ve had a browser-based implementation in the C1 console for a while, but we discovered MSPs needed a faster way to connect. Taking their requests on board, we developed a convenient desktop app based on WebRTC which can be opened by simply clicking a Windows tray icon. It provides a quick, always-on means for MSPs to connect to their remote devices without having to navigate through the C1 console. We will also create native apps for Linux, Mac, Android and iOS in the future. On top of this, we plan to expand functionality to browsers in later developments, so users can assume remote control of a device direct from Chrome without installing the agent.

Improved Quality

We added VP9 support to Comodo Remote Control, giving us substantial quality and performance improvements over the more widely used VP8. Simply put, VP9 gets more quality out of each byte without requiring more bandwidth. It allows 1080p connections at the same bandwidth requirements that VP8 needs for 720p, and reduces data usage for users with poor connections by requiring only 40% of the bitrate of VP8. We also optimized the screen capture algorithm to further increase traffic speed between the agent and the remote desktop.

Extending the scope of existing technologies

Our development also made use of Chromoting technology. We removed the technology’s dependence on the Chrome browser to make it work within a native Windows application. This breakthrough provides us with the vital groundwork for when we develop sister apps for Linux, Mac, Android and iOS.

We’re not stopping here

Apart from developing apps for other operating systems than Windows, upcoming releases will see seamless file/folder integration, remote desktop access without client installation and a cloud based application.

Comodo Remote Control – Features and benefits

  • Securely link to your managed endpoints to troubleshoot issues, monitor system performance and collaborate with your customers on projects
  • Quickly connect to any Windows endpoint direct from the Comodo One device inventory or by using the convenient Windows app
  • Uses industry standard technologies and protocols, so no additional software or hardware reconfiguration is necessary. It even works seamlessly with corporate Network Address Translation systems (NATs)
  • No learning curve – CRC’s straightforward controls have none of the complexities of other remote desktop solutions.
  • Gain RDP control from any computer in any location at any time using the web console. You need only remember your C1 login details to gain remote access.
  • Avoid on-site visits. CRC enables MSPs to efficiently run support operations from a remote location, without needing to travel on-premises.

Making Sense of Needs vs. Cyber Vendor Claims: Analyst Meets Expert

With malware ransoms now rising to as high as $1M (USD), there is heightened urgency for organizations and their CISOs, CSOs and other leaders to understand the latest threats to their business’ success, and their options to address them.

The Threat Intelligence market alone is estimated by leading analysts to be nearing $6B (USD) per year, and “Endpoint Protection” (i.e. protecting all network- or Internet-connected computers, devices, etc. from letting malware enter there) is seeing rapid growth for vendors like Carbon Black, Cylance and Comodo. Selecting a vendor is made difficult as many make seemingly similar claims: “See every threat,” “99% Effective!” and of course, “100% Protection with Default Deny Posture AND Default Allow Usability!”

Part of the confusion is the terminology used. For example, some analysts and vendors will call it Endpoint Protection, others say AEP (Advanced Endpoint Protection), while IDC and yet others use STAP (Specialized Threat Analysis and Protection), and so on. It can give even the savviest security professional a headache.

Some basic principles remain and are extremely important:

1. Do you want to allow unrecognized or otherwise unknown files to enter your infrastructure (aka “Default Deny posture”)?
2. If your answer is “No” to unknown files (which may be the next WannaCry, etc.), how much disruption to day-to-day business are you and your users willing to tolerate (and which vendors meet that standard)?

Sifting through the noise can drive one to drink, but keeping those two questions in mind should help a bit.

An expert and a noted analyst will be debating these very issues live on Wednesday, June 28th if you’d like to join the discussion, so register now and join them and your peers from your own “endpoint” at 1:00 pm ET.

WATCH LIVE: Register and watch live

About the Author: Steve Menges

Steven A. Menges is a B2B innovator and marketing and products executive with 15 years’ progressive experience. He owns the security buyer’s journey function for cybersecurity leader Comodo. A frequent industry author and speaker, he is an adjunct professor and Capstone/Thesis advisor at the NYU Master’s in Management and Systems and Master’s in Integrated Marketing programs. He is also the co-developer of the Business-to-Business Marketing Maturity Model.

Best 10 Features of an Effective Endpoint Security Strategy

With overwhelming cyber attacks happening through malicious apps on mobile devices, security teams need to intensify their endpoint security measures many times over. Setting up stringent endpoint security measures is the best way to counter possible malicious risks.

Endpoint Security Strategy

Be it company devices or BYOD devices, once connected to the network they are prone to malware attacks. Endpoint protection has become the most critical aspect of IT security for protecting business and customer data and identity. When a device carrying an app infected with malware connects to the company’s network, hackers channel it to steal information or perform keylogging without the user’s consent.

This calls for a strict endpoint security system, a security-laden protocol that ensures endpoint and network protection. Endpoints can be computers, smartphones, laptops, point-of-sale systems or any other devices connected to the network. This protection needs a strategy in place, organized with protocols and rules, so that devices stay compliant with security policies that block suspicious access.

1. Ensure Feature-Full Security Protection

An antivirus and a firewall alone are not enough to protect corporate-owned or BYOD devices. A multi-layered approach is what you need to protect the devices connected to the corporate network.

The security suite should be equipped with the following

2. Centralised Security Management Portal

It is beyond human capacity to manage thousands of devices, computers and other terminals through manual intervention alone. Hence an integrated security solution is a robust way to avoid redundancy and human error.

A centralised security management system is all you need to control and manage the integrity of network and endpoint security.

  • User-friendly features for containing havoc
  • Fewer security issues
  • Affordable
  • Instant response in case of suspicious interference

3. Complete Device and OS Protection

More than half of companies encourage BYOD, and with the new trend of Choose Your Own Device (CYOD), the organization’s network is connected to devices running many different operating systems. Sharpen your endpoint security system to keep the whole network functioning under your watch.

4. Data Security

An endpoint security strategy is complete only with an effective data protection system. Restrict access to endpoints to specific users so that only the concerned user can access the data, and the data is not exposed to any unauthorized user. Organizations are to ensure:

  • Segregation of the network
  • Encryption of data
  • Prevention of data loss
  • Control of file integrity
  • Monitoring of data access

The endpoint security management system should be well equipped to handle data asset protection.

5. Improve Security Performance

With security the biggest challenge, organizations should impose security measures to control, respond to and steer clear of incidents. By understanding your baseline and objectives, you can improve your measures for managing threats.

6. Awareness on Security Measures

Employees are to be educated on how to secure endpoints. They should know the difference between a malicious mail and an authentic one. Equipping employees and users with sufficient knowledge of the security measures would prevent data loss and vulnerability exploits.
Employees are to be trained on how to accept security updates and to stay away from wireless networks. Ensure that employees adopt positive security behaviours and attitudes.

7. Mobile Threat Management

Security experts are to work on new and innovative security measures to arm mobile devices against security threats. Ensuring a management system that manages and defies threats would definitely safeguard the endpoints. The mobile threat management system should include the following features:

  • Effective Validation of Devices
  • Managing third party Content
  • Containerization of Mobile Apps
  • Penetration Testing

Tough and targeted security, applied in the right measure, is the perfect console to protect the enterprise and its customer data from massive security breaches.

8. Continuous Detection

A well-organized endpoint security strategy with a continuous detection mechanism would detect changes instantly. This prevents the company’s network from becoming the victim of a security breach. The system should enforce data exploration and instant detection of any malware activity.

9. Incident Response Approach

Organizations are to implement an effective incident response approach by enforcing a centralized, automated tool that enables an instant response to threats.

10. Remediate Incidents

Endpoints should be equipped with an integrated security management tool to ensure incidents are remediated instantly at the time of detection. This improves visibility of possible threats and prevents malware attacks even before they try to reach the network.

Try Something Unique This Father’s Day

Why should Father’s Day be about you alone? It could well be about your children, right? After all, they are your flesh and blood and the reason you are working hard. So let’s be different this Father’s Day and turn things around by giving a gift to your children instead of expecting a gift from them. So what do you think you should be giving them?

Children these days are tech-savvy. I’m sure this goes for your child as well without saying. So they are probably hanging onto their laptops or smartphones or tablets and iPods….phew, the list goes on – all the time. The point is they’ve become so dependent on these devices that they can hardly stay away from them. And each of these devices connects to the internet, which is abundant in information – and also with a lot of hackers and other online threats!

Now the question is – is your child’s digital gadget safe? If you are not sure, what are you doing (or can you do) to make them safe? Here are some suggestions for gifting your child “online web security” this Father’s Day, proving that there is not a day in the calendar year when you stop thinking about how ‘special’ your child is to you.

1. Install an Antivirus Package: Your child’s digital devices are a goner without an antivirus package to protect them from various security threats out there. So the first and foremost thing you should be doing is getting an antivirus package for securing all those digital gadgets they have. This simple step will do wonders to protecting those devices and prolonging their lifetimes.

2. Internet Security Suite: This is much more than an antivirus package and suits your PC(s) and laptops well. It is usually made up of many IT security tools like anti-spyware, firewall and anti-malware, and comes with auto-sandbox technology integrated into it. It is a powerful tool to secure your child’s device from various forms of hacking.

3. Educate Them About the Importance of Online Security: You cannot, as a parent, give a better gift than educating your child. It is your duty to make them street-smart so that they tackle this world easily when they become adults themselves. So educate them about the importance of staying secure online. After all, they are connected to this (sometimes vicious) online world all the time where things can go wrong pretty easily.

Here Are Some Suggestions on What Security Tips You Can Impart To Them:

1. Password protection: Ensure that all their digital gadgets are password protected. Teach them how passwords are crucial to safeguarding their devices. Often, it’s easy to forget the importance of passwords in the highly technical world we live in today. Remind them of this. Also, make them understand that they need different passwords for their different digital accounts. ‘One password for all’ is a strict NO. Let them understand this.

2. Disabling Bluetooth: Bluetooth is literally a gateway to your children’s digital device. So teach them the importance of ‘turning it on only when required’. Otherwise, their digital security can be compromised badly.

3. Public Wi-Fi (May Not Always Be Secure): Your children will obviously be on the move. After all, they are children. Coffee houses, shopping malls, airports and restaurants – all places children frequent – are equipped with “free public wi-fi”. An offer so tempting that even we adults have a hard time ignoring it. This can actually be an avenue for hackers and no-good-doers. So teach them about its consequences. This should prevent them from accessing those free public wi-fi networks again.

4. Create Awareness About Online Fraud: Let your children know that they should not click every link in emails and on other sites (especially pop-ups). Many of these lead to fake websites trying to swindle unsuspecting online users. Educate your children about other sophisticated forms of attacks.

If you’ve done all this, you have probably secured your child’s online safety for good. Be proud of that, and a very Happy Father’s Day to you!

Google Proposes: Managed CAs to Issue Symantec Certificates

On May 19, 2017, in the Blink Process forum, Ryan Sleevi of the Google Chrome team wrote: “Chrome will require that by 2017-08-08 all new Symantec-chaining certificates be issued by independently operated third-parties (aka “Managed CAs”). Chrome will implement a check, on-or-after 2017-08-08, to enforce this by ensuring that the certificate chain contain a whitelist of intermediates (independently operated sub-CAs or the Managed CAs).”

Now, Google and Mozilla have proposed consensus plans designed to provide a framework that would allow Symantec certificates to remain in browser stores. However, though significant discussions have taken place between the browser authorities and Symantec, a consensus has still not been reached.

Then, in order to restore the confidence and security of Chrome users, Google proposed:

  • “A reduction in the accepted validity period of newly issued Symantec-issued certificates to nine months or less, in order to minimize any impact to Google Chrome users from any further misissuances that may arise.
  • An incremental distrust, spanning a series of Google Chrome releases, of all currently-trusted Symantec-issued certificates, requiring they be revalidated and replaced.
  • Removal of recognition of the Extended Validation status of Symantec issued certificates, until such a time as the community can be assured in the policies and practices of Symantec, but no sooner than one year.”

Following this statement, Mozilla observed the misissuances too and, taking cognizance of this fact, proposed plans for Symantec to restore trust in its public key infrastructure. Mozilla and Google have offered a consensus plan, and a considerable amount of discussion has been going on about “Managed CAs” or “independently operated sub-CAs”.

The Situation Now on Sub-CAs

On sub-CAs, Google proposes:

“These sub-CAs must be operated by a non-affiliated organization that operates roots currently trusted in the Android and Chrome OS trust stores that have been trusted for a period of at least two years.

The non-affiliated organization must accept full responsibility for the operation of these sub-CAs and agree that any misissuance from these sub-CAs will be treated as if it was misissuance from any of the other CAs the organization operates. Similarly, any misissuance from the other CAs the organization operates will be treated as if it was misissuance from these sub-CAs. Because the basis for trust in these intermediates will be based on chaining to the existing Symantec root certificates, rather than to a different organization’s CA certificates, Symantec must also accept responsibility for the operation of these sub-CAs and agree that any misissuance from these sub-CAs will be treated as if it was misissuance from any of the other CAs that Symantec operates.”

Further, “on 2017-08-08, any ‘expired’ validations (e.g. whose data or documents were obtained outside the permitted Baseline Requirements reuse periods), and any ‘new’ validations (e.g. those who do not have preexisting certificates issued in compliance with the Baseline Requirements, issued prior to 2017-08-08) would be validated by the Managed CA.”

The intent of the proposal is “to allow a meaningful and timely turndown of existing validations, and ensure a smooth transition to fully revalidated information, in a way that retroactive audits cannot provide sufficient assurance of.”
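To make the mechanics of the quoted policy concrete, here is an added example (not Google’s, Symantec’s or Comodo’s code) that models the check Chrome describes: a leaf-first chain is accepted only if it links correctly, and a Symantec-chaining certificate issued on or after 2017-08-08 must pass through a whitelisted Managed CA or sub-CA intermediate and carry a validity period of nine months or less. The root and intermediate identifiers, the constructed chains and the 275-day reading of “nine months” are assumptions for illustration, not real trust-store data.

```python
from datetime import date, timedelta

ENFORCEMENT_DATE = date(2017, 8, 8)   # "on-or-after 2017-08-08" in the Chrome announcement
MAX_VALIDITY = timedelta(days=275)    # "nine months or less"; 275 days is an assumed approximation

# Hypothetical trust-store identifiers (placeholders, not real certificate fingerprints).
SYMANTEC_ROOTS = {"ROOT-SYMANTEC-PLACEHOLDER"}
WHITELISTED_INTERMEDIATES = {"INT-MANAGED-CA-PLACEHOLDER", "INT-SUBCA-PLACEHOLDER"}


def cert(subject, issuer, fingerprint, not_before, not_after):
    """Build a constructed certificate record; a real check would parse X.509 fields."""
    return {"subject": subject, "issuer": issuer, "fingerprint": fingerprint,
            "not_before": not_before, "not_after": not_after}


def is_linked(chain):
    """Each certificate in a leaf-first chain must be issued by the one that follows it."""
    return all(chain[i]["issuer"] == chain[i + 1]["subject"] for i in range(len(chain) - 1))


def check_chain(chain):
    """Apply the quoted policy to a leaf-first chain. Returns (accepted, reason)."""
    if not chain or not is_linked(chain):
        return False, "chain is empty or does not link leaf -> intermediates -> root"
    leaf, root = chain[0], chain[-1]
    if root["fingerprint"] not in SYMANTEC_ROOTS:
        return True, "does not chain to a Symantec root; this policy does not apply"
    if leaf["not_before"] < ENFORCEMENT_DATE:
        return True, "issued before 2017-08-08; covered by the incremental distrust instead"
    intermediates = {c["fingerprint"] for c in chain[1:-1]}
    if not intermediates & WHITELISTED_INTERMEDIATES:
        return False, "no whitelisted Managed CA / sub-CA intermediate in the chain"
    if leaf["not_after"] - leaf["not_before"] > MAX_VALIDITY:
        return False, "validity period exceeds nine months"
    return True, "issued via a Managed CA with a short validity period"


# Constructed sample chains (placeholder names; www.example.com is a reserved example domain).
SYMANTEC_ROOT = cert("Symantec Root (placeholder)", "Symantec Root (placeholder)",
                     "ROOT-SYMANTEC-PLACEHOLDER", date(2010, 1, 1), date(2030, 1, 1))
MANAGED_CA = cert("Managed CA (placeholder)", "Symantec Root (placeholder)",
                  "INT-MANAGED-CA-PLACEHOLDER", date(2017, 6, 1), date(2022, 6, 1))
LEGACY_CA = cert("Symantec Legacy CA (placeholder)", "Symantec Root (placeholder)",
                 "INT-LEGACY-PLACEHOLDER", date(2012, 1, 1), date(2025, 1, 1))

GOOD_CHAIN = [cert("www.example.com", "Managed CA (placeholder)", "LEAF-1",
                   date(2017, 9, 1), date(2018, 5, 1)), MANAGED_CA, SYMANTEC_ROOT]
NOT_VIA_MANAGED_CA = [cert("www.example.com", "Symantec Legacy CA (placeholder)", "LEAF-2",
                           date(2017, 9, 1), date(2018, 5, 1)), LEGACY_CA, SYMANTEC_ROOT]
TOO_LONG = [cert("www.example.com", "Managed CA (placeholder)", "LEAF-3",
                 date(2017, 9, 1), date(2019, 9, 1)), MANAGED_CA, SYMANTEC_ROOT]
PRE_CUTOFF = [cert("www.example.com", "Symantec Legacy CA (placeholder)", "LEAF-4",
                   date(2017, 3, 1), date(2019, 3, 1)), LEGACY_CA, SYMANTEC_ROOT]

if __name__ == "__main__":
    for name, chain in [("good", GOOD_CHAIN), ("not via managed CA", NOT_VIA_MANAGED_CA),
                        ("too long", TOO_LONG), ("pre-cutoff", PRE_CUTOFF)]:
        print(f"{name}: {check_chain(chain)}")
```

A site operator can run the same kind of check against their own chain to see which of the three conditions (whitelisted intermediate, validity period, issuance date) would trip the browser policy.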

What It Means For You Now

There have been significant complications in defining the role of a “Managed CA” or “sub-CA”, and browsers and Symantec have to come to a workable agreement to ensure that websites are not affected. However, in the event that the process is delayed and a consensus is not reached, you risk the functioning and reputation of your website and an interruption to your business.

Your Options

You must consider other options – such as reputed CAs like Comodo, which issue certificates strictly in compliance with the Baseline Requirements specified by the CA/Browser Forum. And if you have to handle many certificates, then Comodo’s Certificate Manager (CCM) – an advanced certificate issuance and lifecycle management tool – makes management easy. With Google proposing shorter validity periods for certificates, it makes better sense to use an effective certificate manager tool. Regarding your at-risk certificates – you must take a call now.

Ransomware Defense: How to avoid falling victim to the next “WannaCry” [Webinar]

Join NATO Cyber Centre Ambassador Kenneth Geers and Comodo cybersecurity expert Gregory Lewis on June 7 for a free webinar to learn how you can protect yourself against ransomware.

Register here: https://www.comodo.com/landing/wannacry-ransomware-endpoints-protection/?af=9030

By now, you’ve surely heard of WannaCry. The ransomware made headlines around the world by infecting over 300,000 machines in 150 countries in a matter of days. Fortunately, a “kill switch” discovered just hours after WannaCry’s May 12 release slowed the attack, and a few days later, the ransomware was all but dead. Crisis averted, right?

Well, not exactly.

The State of Ransomware

By all accounts, ransomware incidents have risen over the past couple of years. A report from the Department of Justice noted a 300 percent increase in daily ransomware attacks from 2015 to 2016, and a Ponemon Institute survey from Jan. 2017 reported that 51 percent of companies had experienced at least one ransomware attack in the past year. Most estimates placed ransomware costs at around $1 billion in 2016, and that number is expected to rise in 2017.

In other words, WannaCry was just the tip of the iceberg.

So, How Can You Protect Yourself?

Join NATO Cyber Centre Ambassador Kenneth Geers and Comodo cybersecurity expert Gregory Lewis on June 7 for a free webinar to learn:

  • Why detection and sandboxing solutions are largely ineffective against ransomware
  • Why 2017 may become the most costly year ever for ransomware attacks
  • About a cyber security solution that can stop ransomware from infecting your enterprise, regardless of any backdoors, exploits, or vulnerabilities your endpoints may have

First 50 registrants will get a free forensic analysis to detect unknown malware lurking on their endpoints. Seats are limited, so save yours today.